Hello! On Sun, Feb 25, 2007 at 12:28:13AM +0100, Nicolas François wrote: > On Fri, Feb 23, 2007 at 09:05:57AM -0800, [EMAIL PROTECTED] wrote: > > I'm not sure if this is the correct behavior or not. I inherited it, and > > I don't know if there's any documentation about what one is *supposed* to > > to. It causes strange problems on Solaris 8 and 9 as well (I haven't been > > able to test Solaris 10). > > pam-krb5's behavior is probably correct. (maybe it could implement > PAM_DATA_SILENT support for pam_end; but it would not help in this case, > as su do not use it;)
PAM_DATA_SILENT is only a proposed extension, therefor I would not recommend using it. It seems strange, that "su" should be the only/first program encountering this problem. > Philipp, does su seems to behave correctly when you remove the pam_end > call in the child? Yes, it works as expected. This is also what I think is right, but before proposing this change, I liked some discussion with others. > My current opinion is that we should remove this pam_end, which would make > the su behavior consistent with login. (BTW, does login behaves correctly > regarding pam-krb5?) Yes, login works right. Perhaps taking a look at all those libpam-\* modules might shed some more light on the situation, what modules do. Especially what they do in cleanup() on pam_end(). BYtE Philipp -- Philipp Matthias Hahn <[EMAIL PROTECTED]> GPG/PGP: 9A540E39 @ keyrings.debian.org
